ComfyCon AU, April 2020

In the beginning, there was a tired, redheaded “cyber guy”. He’d just gotten off over 24 hours of flights with his partner, cutting their holiday short and returning with their tail between their legs to their home country before all intermediate countries closed their borders.

He was supposed to go to Brisbane 2 days later to present at a conference, but that had already been cancelled. There were murmurs that other cons would have to cancel, and we’d all have to go into isolation.

Less than 12 hours later, ComfyCon AU had a logo, an organisational team with mentors, a RedBubble store for merch, a website, and an EOI for speakers.

We had 1200 people sign up (though we didn’t require sign-ups), from numerous countries (Australia, New Zealand, Germany, UAE, Indonesia), 103 sales of merch (with multiple items per sale), and over 16 hours of footage to cut into chunks by the end of the 2 days.

And a community brought together in really difficult circumstances.

The line-up

Access your social media archives!

You can download archives of a lot of your history on social media sites as a result of the GDPR requirements being brought into play.

An Introduction to Drone Security

Drones are literally flying laptops. There are a lot of attack vectors that exist but also a number of key things you need to be aware of in the physical and kinetic space; it’s no longer a case of simply compromisable IoT.

Automating the Boring

Cyber is schmick! It’s pretty! It lets me hunt down bad guys and nuke ’em from orbit!

Careers Panel

A panel on how to get a career within cyber security.

Code that gets you pwn(s|'d)

In this talk, Louis will cover examples of vulnerabilities that are not necessarily obvious.

CV Workshop

Ricki runs through his top tips for developing a CV, what you should and shouldn’t do, and what industry hiring representatives look for.

Dependencies: Barely Managing

Colloquially, infosec and developers don’t share a unified definition for concepts like “dependency management”.

Digging Deeper with Velociraptor - DFIR Beast Mode…

The old way of performing in-depth forensic analysis and incident response with your existing tools is clearly not adequate or scalable to many endpoints.

Disclose.io - Vulnerability Disclosure and Hacker Safeharbor in 2020

After 40 years of hard-fought battles, the Internet has finally reached a place where it knows that hackers aren’t always burglars… Many of us are locksmiths.

Fireside chat with Tilley

Interesting stories and insights into the world of cybercrime from someone with a unique understanding from a long history.

Good Incident Response; More Than Just Tech Stuff

Looking back at some of the previous Incident Response operations he led, Ryan will give an overview of some of the critical functions and skills required of Incident Response personnel.

Hanging on the Telephone: Hacking VoIP

Before security, Sarah spent a decent amount of her career deploying VoIP systems.

How to Fight a Virus with a Spreadsheet

Reporting is an important part of Infosec but reports often get ignored.

How to keep kickass women in tech - take a lesson from snowboarding

What’s the point of hiring kickass women if you don’t have an environment that supports their growth and desire to stay with your company?

How to sort your sabotage plans

There’s a lot of work in maintaining documentation for systems to ensure they are effective for use by someone other than the creator.

Introduction to Lockpicking

An introduction to Lockpicking from some of the youngest members of our community!

Is there anyone on board who can fly a DevSecOps plane?!

We are three years into our Enterprise Secure Code program, and last year we embarked on DevSecOps at scale.

Lies, Deception and Fantasy

We, the defenders, play in a highly adversarial game. The game is played in the open and the rules require us to hand our adversaries all the information required to defeat us.

Meditation for Crisis Professionals

For both crisis professionals and professionals in crisis, this session examines the effects of long term stressors, and provides a practical framework on how to manage them.

OSINT, A learning journey

OSINT is any sort of intelligence gained through any publicly available source.

Overcoming Cyber Performance Anxiety: The Continuous Cyber Maturity Model

Unending data breaches, outages and compromises can leave senior security leadership with “cyber performance anxiety” and organisations asking the question: does our security program REALLY deliver the outcomes we need?

Pwnagotchi your new digital pet!

Do you remember Tamagotchi? Learn about Pwnagotchi, your open-source digital pet based on the Raspberry Pi Zero W.

Security at the speed of DevOps

Today, speed to market is everything. But speed and security can both be achieved at the same time.

The CIA Triad: Staying Sane in Crazy Times

We’re all familiar with the CIA triad since it’s the model that is used to guide policies for information security in an organisational setting.

Things to do with a Faraday Cage

I recently bought a commercial desktop Faraday Cage/Box. It has USB, POE, and SMA pass-through.

Using Interlace for organising tests, and multithreading over targets

A quick primer on how Interlace can be used for “on the fly” pentesting or bug bounty tests over large targets, CIDR or glob ranges as well as useful tricks for how it can be deployed to organise and store the results of tests.

Vulnerability research as a lifestyle

Have you been on Twitter recently and seen tweets about people finding vulnerabilities in <insert_software_name_here>?

Why you should go get it…

This talk is about why people should back themselves and go out on their own, start a company, build things that they want to build, work for people they want to work with.

Zero Trust ... it is not just about infrastructure

Zero Trust is probably the most overused buzzword in the industry, and probably the least understood.
